Solved

Active Directory (Netdiag) failed test KnowsOfRoleHolders

Posted on 2007-04-03
5
4,970 Views
Last Modified: 2008-06-21
I have a Windows 2003 network, with a mix of windows 2000 and windows 2003 DCs, one domain, each dept had their own local DC, all servers have the latest service packs installed.

Recently I added tree new DCs, when I run the netdiags on each server, I get this report back:

****************************************************************************************************

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests
   
   Testing server: Default-First-Site-Name\S-WATER-KP
      Starting test: Connectivity
         ......................... S-WATER-KP passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\S-WATER-KP
      Starting test: Replications
         ......................... S-WATER-KP passed test Replications
      Starting test: NCSecDesc
         ......................... S-WATER-KP passed test NCSecDesc
      Starting test: NetLogons
         ......................... S-WATER-KP passed test NetLogons
      Starting test: Advertising
         ......................... S-WATER-KP passed test Advertising
      Starting test: KnowsOfRoleHolders
         [TOSMAINBAC] DsBind() failed with error 1722,
         The RPC server is unavailable..
         Warning: TOSMAINBAC is the Schema Owner, but is not responding to DS RPC Bind.
         [TOSMAINBAC] LDAP connection failed with error 58,
         The specified server cannot perform the requested operation..
         Warning: TOSMAINBAC is the Schema Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Domain Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the PDC Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Rid Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... S-WATER-KP failed test KnowsOfRoleHolders
      Starting test: RidManager
         [S-WATER-KP] DsBindWithCred() failed with error 1722. The RPC server is unavailable.
         ......................... S-WATER-KP failed test RidManager
      Starting test: MachineAccount
         ......................... S-WATER-KP passed test MachineAccount
      Starting test: Services
         ......................... S-WATER-KP passed test Services
      Starting test: ObjectsReplicated
         ......................... S-WATER-KP passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... S-WATER-KP passed test frssysvol
      Starting test: kccevent
         ......................... S-WATER-KP passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0001F60
            Time Generated: 04/03/2007   12:25:00
            Event String: The browser service has failed to retrieve the

         ......................... S-WATER-KP failed test systemlog
   
   Running enterprise tests on : TOSMAIN.local
      Starting test: Intersite
         ......................... TOSMAIN.local passed test Intersite
      Starting test: FsmoCheck
         Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
         ......................... TOSMAIN.local passed test FsmoCheck

*************************************************************************************************

The other DCs on the network come back clean. The TOSMAINBAC server failed with the blue screen of death, I have since replaced this DC, alll other DCs recognize the new DC, except for these 3 DCs. I was unable to demote this failed DC

I would usually just seize the roles, but I am concerned because that all the other DCs see the correct server who now holds the roles.

Secondly, this TOSMAINBAC is still listed in the AD, it will not all me to remove.
0
Comment
Question by:AccessYourBiz_Com
  • 3
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 18845277
Make sure that all DCs have the correct DNS server IPs selected in their TCP/IP Properties.

Back up the System State on all DCs before changing anything.

Seize all the FSMO roles.
http://support.microsoft.com/kb/255504

Assuming you have a single-domain forest, make all your DCs Global Catalog servers.
http://support.microsoft.com/kb/313994

Manually remove TOSMAINBAC from Active Directory using NTDSUTIL.
http://support.microsoft.com/kb/216498

Remove TOSMAINBAC from Active Directory Sites and Services if it still appears there.
0
 
LVL 3

Author Comment

by:AccessYourBiz_Com
ID: 18845504
Just wanted to double check, all other DCs know the correct role holder, just these three do not, should I go ahead seizing the roles on these DCs?
0
 
LVL 3

Author Comment

by:AccessYourBiz_Com
ID: 18846050
When I run, ntsdutil on the problem server, the select roles, then connections, when I enter the comand "connect to server [servername]", I receive an error message

Binding to [servername]
DSBindW error 0x57(the parameter is incorrect)

if I run the same command (connect to server [servername] on any other controller in the domain, (except the 3 problem servers) the connection is successful.

Thanks
Steve
 
0
 
LVL 38

Accepted Solution

by:
Shift-3 earned 500 total points
ID: 18846068
You may want to run DCDIAG and REPADMIN first to make sure these DCs are replicating correctly.  A replication problem could account for the disparity in FSMO listings.
0
 
LVL 3

Author Comment

by:AccessYourBiz_Com
ID: 18846373
Thanks for your reply, in this case I know they are not replicating correctly, the errors I listed earlier are from the dcdiag program. When using the ntdsutil to connect to the PDC, I tried both the IP and the DNS name with no success.

Thanks
Steve
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question